Re: [ossec-list] How/where does one get a version of the OSSEC agent-auth application that will run on Windows?

2015-12-22 Thread dan (ddp) 
On Mon, Dec 21, 2015 at 4:34 PM, Chris  wrote:
> I have successfully configured an OSSEC server running on Ubuntu in AWS.
>
>
> I have also successfully automated Ubuntu AWS instances automatically
> installing the OSSEC agent and connecting to the OSSEC server via this
> command /var/ossec/bin/agent-auth -m ossec.myprivatedomain.local -p 1515
>
>
> I am working on automating the installation of the OSSEC agent for Windows
> instances including automating the Windows instances connecting to the OSSEC
> server. I understand that the OSSEC agent for Windows can be downloaded from
> the OSSEC site's "Downloads" page and that it can be silently installed
> using this command line: ossec-agent-win32-2.8.3.exe /S
>
>
> Despite much research, I cannot find out how to get a version of the OSSEC
> agent-auth executable that will run on Windows to allow me to automate the
> Windows instances connecting to the OSSEC server.
>
>
> The closest thing I can find to any mention of the agent-auth application
> being available for Windows is from this blog:
> https://github.com/ossec/ossec-hids/issues/166#issuecomment-41461642 ...
> where a comment states ...
>
> The Windows version of agent-auth was compiled on Linux (Fedora 20) and
> tested on Windows 7 Home Premium 64-bit.
>
> None of the tutorials that talk about compiling the OSSEC agent for Windows
> on Linux address how to compile the agent-auth application for Windows.
>
>
> How/where does one get a version of the OSSEC agent-auth application that
> will run on Windows?
>

I have a currently untested branch for this at
https://github.com/ddpbsd/ossec-hids/tree/winauthd

It's using the current development master as its base. I haven't had
the time or motivation to actually test it yet.

> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] How/where does one get a version of the OSSEC agent-auth application that will run on Windows?

2015-12-22 Thread dan (ddp) 
On Tue, Dec 22, 2015 at 11:48 AM, Chris  wrote:
> Thanks for letting me know. I'll keep an eye on the project to see if future
> releases add support for the agent-auth application for Windows.
>
> The use case is a hybrid environment hosted by Amazon Web Services (AWS)
> where auto-scaling groups cause instances (servers) to come and go.
> Automation technology, such as AWS CloudFormation, allow fully automated
> configuration of the entire server without any manual interaction. The Linux
> version of agent-auth allows this to work well for Linux agents. Not having
> the Windows version prevents OSSEC from being viable in a large-scale cloud
> environment where automation is required. Use of third-party tools such as
> Chef, Puppet, Ansible, etc. can overcome this limitation, but add additional
> considerations.
>

That's a space I'm kinda sorta playing with (although less windows).
If you get the chance to test the windows agent-auth stuff (even in
non-prod stuff), let me know how it works out.

> Thanks,
> Chris
>
>
> On Tuesday, December 22, 2015 at 7:04:55 AM UTC-6, dan (ddpbsd) wrote:
>>
>> On Mon, Dec 21, 2015 at 4:34 PM, Chris  wrote:
>> > I have successfully configured an OSSEC server running on Ubuntu in AWS.
>> >
>> >
>> > I have also successfully automated Ubuntu AWS instances automatically
>> > installing the OSSEC agent and connecting to the OSSEC server via this
>> > command /var/ossec/bin/agent-auth -m ossec.myprivatedomain.local -p 1515
>> >
>> >
>> > I am working on automating the installation of the OSSEC agent for
>> > Windows
>> > instances including automating the Windows instances connecting to the
>> > OSSEC
>> > server. I understand that the OSSEC agent for Windows can be downloaded
>> > from
>> > the OSSEC site's "Downloads" page and that it can be silently installed
>> > using this command line: ossec-agent-win32-2.8.3.exe /S
>> >
>> >
>> > Despite much research, I cannot find out how to get a version of the
>> > OSSEC
>> > agent-auth executable that will run on Windows to allow me to automate
>> > the
>> > Windows instances connecting to the OSSEC server.
>> >
>> >
>> > The closest thing I can find to any mention of the agent-auth
>> > application
>> > being available for Windows is from this blog:
>> > https://github.com/ossec/ossec-hids/issues/166#issuecomment-41461642 ...
>> > where a comment states ...
>> >
>> > The Windows version of agent-auth was compiled on Linux (Fedora 20) and
>> > tested on Windows 7 Home Premium 64-bit.
>> >
>> > None of the tutorials that talk about compiling the OSSEC agent for
>> > Windows
>> > on Linux address how to compile the agent-auth application for Windows.
>> >
>> >
>> > How/where does one get a version of the OSSEC agent-auth application
>> > that
>> > will run on Windows?
>> >
>>
>> I have a currently untested branch for this at
>> https://github.com/ddpbsd/ossec-hids/tree/winauthd
>>
>> It's using the current development master as its base. I haven't had
>> the time or motivation to actually test it yet.
>>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ossec-list+...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] How/where does one get a version of the OSSEC agent-auth application that will run on Windows?

2015-12-22 Thread Chris 
Thanks for letting me know. I'll keep an eye on the project to see if 
future releases add support for the agent-auth application for Windows.

The use case is a hybrid environment hosted by Amazon Web Services (AWS) 
where auto-scaling groups cause instances (servers) to come and go. 
Automation technology, such as AWS CloudFormation, allow fully automated 
configuration of the entire server without any manual interaction. The 
Linux version of agent-auth allows this to work well for Linux agents. Not 
having the Windows version prevents OSSEC from being viable in a 
large-scale cloud environment where automation is required. Use of 
third-party tools such as Chef, Puppet, Ansible, etc. can overcome this 
limitation, but add additional considerations.

Thanks,
Chris


On Tuesday, December 22, 2015 at 7:04:55 AM UTC-6, dan (ddpbsd) wrote:
>
> On Mon, Dec 21, 2015 at 4:34 PM, Chris  
> wrote: 
> > I have successfully configured an OSSEC server running on Ubuntu in AWS. 
> > 
> > 
> > I have also successfully automated Ubuntu AWS instances automatically 
> > installing the OSSEC agent and connecting to the OSSEC server via this 
> > command /var/ossec/bin/agent-auth -m ossec.myprivatedomain.local -p 1515 
> > 
> > 
> > I am working on automating the installation of the OSSEC agent for 
> Windows 
> > instances including automating the Windows instances connecting to the 
> OSSEC 
> > server. I understand that the OSSEC agent for Windows can be downloaded 
> from 
> > the OSSEC site's "Downloads" page and that it can be silently installed 
> > using this command line: ossec-agent-win32-2.8.3.exe /S 
> > 
> > 
> > Despite much research, I cannot find out how to get a version of the 
> OSSEC 
> > agent-auth executable that will run on Windows to allow me to automate 
> the 
> > Windows instances connecting to the OSSEC server. 
> > 
> > 
> > The closest thing I can find to any mention of the agent-auth 
> application 
> > being available for Windows is from this blog: 
> > https://github.com/ossec/ossec-hids/issues/166#issuecomment-41461642 
> ... 
> > where a comment states ... 
> > 
> > The Windows version of agent-auth was compiled on Linux (Fedora 20) and 
> > tested on Windows 7 Home Premium 64-bit. 
> > 
> > None of the tutorials that talk about compiling the OSSEC agent for 
> Windows 
> > on Linux address how to compile the agent-auth application for Windows. 
> > 
> > 
> > How/where does one get a version of the OSSEC agent-auth application 
> that 
> > will run on Windows? 
> > 
>
> I have a currently untested branch for this at 
> https://github.com/ddpbsd/ossec-hids/tree/winauthd 
>
> It's using the current development master as its base. I haven't had 
> the time or motivation to actually test it yet. 
>
> > -- 
> > 
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "ossec-list" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to ossec-list+...@googlegroups.com . 
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] How/where does one get a version of the OSSEC agent-auth application that will run on Windows?

2015-12-21 Thread Chris 


I have successfully configured an OSSEC server running on Ubuntu in AWS.


I have also successfully automated Ubuntu AWS instances automatically 
installing the OSSEC agent and connecting to the OSSEC server via this 
command /var/ossec/bin/agent-auth -m ossec.myprivatedomain.local -p 1515


I am working on automating the installation of the OSSEC agent for Windows 
instances including automating the Windows instances connecting to the 
OSSEC server. I understand that the OSSEC agent for Windows can be 
downloaded from the OSSEC site's "Downloads" page and that it can be 
silently installed using this command line: ossec-agent-win32-2.8.3.exe /S


Despite much research, I cannot find out how to get a version of the OSSEC 
agent-auth executable that will run on Windows to allow me to automate the 
Windows instances connecting to the OSSEC server.


The closest thing I can find to any mention of the agent-auth application 
being available for Windows is from this blog: 
https://github.com/ossec/ossec-hids/issues/166#issuecomment-41461642 ... 
where a comment states ...

The Windows version of agent-auth was compiled on Linux (Fedora 20) and 
tested on Windows 7 Home Premium 64-bit.

None of the tutorials that talk about compiling the OSSEC agent for Windows 
on Linux address how to compile the agent-auth application for Windows.


How/where does one get a version of the OSSEC agent-auth application that 
will run on Windows?

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.